Hannock Posted May 19, 2017 Report Share Posted May 19, 2017 So Good Morning, I Coded a PE Injector last time, after several hicks however i managed to get it to work. Now i have managed to make a C Program, nw i want to make use of another C++ program inside a C PE injector , unfortunately i get this kind of Error Quote 1>------ Build started: Project: mssecure, Configuration: Debug Win32 ------ 1> main.c 1> FFInject.c 1>c:\users\XXXXXXXX\documents\visual studio 2013\projects\mssecure\mssecure\ffinject.c(20): warning C4101: 'dwSize' : unreferenced local variable 1> Generating Code... 1>FFInject.obj : error LNK2019: unresolved external symbol "void __cdecl setFFHook(void)" (?setFFHook@@YAXXZ) referenced in function "unsigned long __stdcall ThreadProcFF(void)" (?ThreadProcFF@@YGKXZ) 1>C:\Users\XXXXXXXX\Documents\Visual Studio 2013\Projects\mssecure\Debug\mssecure.exe : fatal error LNK1120: 1 unresolved externals ========== Build: 0 succeeded, 1 failed, 0 up-to-date, 0 skipped ========== Source code Looks like this #include <stdio.h> #include <stdlib.h> #include <Windows.h> #include <tlhelp32.h> #include <string.h> #include "FFInject.h" #include "request.h" #include "FFhook.h" DWORD WINAPI ThreadProcFF() { setFFHook(); return 0; } BOOL SetDebugPriviledge(BOOL State) { HANDLE hToken; TOKEN_PRIVILEGES tp; DWORD dwSize; ZeroMemory(&tp, sizeof(tp)); tp.PrivilegeCount = 1; if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken)) { return FALSE; } if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &tp.Privileges[0].Luid)) { CloseHandle(hToken); } if (State) { tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; } else { tp.Privileges[0].Attributes = SE_PRIVILEGE_REMOVED; } if (!AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES)NULL, (PDWORD)NULL)) { CloseHandle(hToken); } return CloseHandle(hToken); } DWORD MyGetProcessId(LPCTSTR ProcessName) { PROCESSENTRY32 pt; HANDLE hsnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); pt.dwSize = sizeof(PROCESSENTRY32); if (Process32First(hsnap, &pt)) { do { if (!lstrcmpi(pt.szExeFile, ProcessName)) { CloseHandle(hsnap); return pt.th32ProcessID; } } while (Process32Next(hsnap, &pt)); } CloseHandle(hsnap); return 0; } void InjectFF() { DWORD pid = MyGetProcessId(TEXT("firefox.exe")); PIMAGE_DOS_HEADER pIDH; PIMAGE_NT_HEADERS pINH; PIMAGE_BASE_RELOCATION pIBR; HANDLE hProcess, hThread; PUSHORT TypeOffset; PVOID ImageBase, Buffer, mem; ULONG i, Count, Delta, *p; hProcess = OpenProcess(PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid); if (!hProcess) { printf("\nError: Unable to open target process (%u)\n", GetLastError()); //return -1; //getchar(); } ImageBase = GetModuleHandle(NULL); pIDH = (PIMAGE_DOS_HEADER)ImageBase; pINH = (PIMAGE_NT_HEADERS)((PUCHAR)ImageBase + pIDH->e_lfanew); mem = VirtualAllocEx(hProcess, NULL, pINH->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); if (!mem) { printf("\nError: Unable to allocate memory in target process (%u)\n", GetLastError()); CloseHandle(hProcess); getchar(); //return 0; } Buffer = VirtualAlloc(NULL, pINH->OptionalHeader.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE); memcpy(Buffer, ImageBase, pINH->OptionalHeader.SizeOfImage); pIBR = (PIMAGE_BASE_RELOCATION)((PUCHAR)Buffer + pINH->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].VirtualAddress); Delta = (ULONG)mem - (ULONG)ImageBase; while (pIBR->VirtualAddress) { if (pIBR->SizeOfBlock >= sizeof(IMAGE_BASE_RELOCATION)) { Count = (pIBR->SizeOfBlock - sizeof(IMAGE_BASE_RELOCATION)) / sizeof(USHORT); TypeOffset = (PUSHORT)(pIBR + 1); for (i = 0; i<Count; i++) { if (TypeOffset[i]) { p = (PULONG)((PUCHAR)Buffer + pIBR->VirtualAddress + (TypeOffset[i] & 0xFFF)); *p += Delta; } } } pIBR = (PIMAGE_BASE_RELOCATION)((PUCHAR)pIBR + pIBR->SizeOfBlock); } if (!WriteProcessMemory(hProcess, mem, Buffer, pINH->OptionalHeader.SizeOfImage, NULL)) { printf("\nError: Unable to write process memory (%u)\n", GetLastError()); VirtualFreeEx(hProcess, mem, 0, MEM_RELEASE); CloseHandle(hProcess); getchar(); //return -1; } VirtualFree(Buffer, 0, MEM_RELEASE); hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)((PUCHAR)ThreadProcFF + Delta), NULL, 0, NULL); if (!hThread) { printf("\nError: Unable to create thread in target process (%u)\n", GetLastError()); VirtualFreeEx(hProcess, mem, 0, MEM_RELEASE); CloseHandle(hProcess); //return -1; getchar(); } WaitForSingleObject(hThread, INFINITE); VirtualFreeEx(hProcess, mem, 0, MEM_RELEASE); CloseHandle(hProcess); } What do i seem to get wrongly here? The code in the Hook (setFFHook) is supposed to show Hello i am inside Firefox Quote Link to comment Share on other sites More sharing options...
u0m3 Posted May 19, 2017 Report Share Posted May 19, 2017 It's a linking error. It's quite self-explanatory: in setFFHook you make a call to ThreadProcFF that the linker does not know where to... well link. It does not know what library contains it. Quote Link to comment Share on other sites More sharing options...